#!/bin/bash

mkdir -p pki

# Generate Root Certificate and Key
openssl req -newkey rsa:2048 -nodes -keyout pki/ca.key -x509 -days 3650 -out pki/ca.cer -subj "/C=JP/ST=A/L=A/CN=Taito Arcade Machine CA"
#    -addext "subjectAltName = DNS:cert.nesys.jp,DNS:cert3.nesys.jp,DNS:data.nesys.jp,DNS:proxy.nesys.jp,DNS:nesys.taito.co.jp,DNS:fjm170920zero.nesica.net"

# Generate Nesys CSR and key
openssl req -newkey rsa:2048 -nodes -keyout pki/nesys.key -out pki/nesys.csr -subj "/C=JP/ST=A/L=A/CN=nesys"
#    -addext "subjectAltName = DNS:cert.nesys.jp,DNS:cert3.nesys.jp,DNS:data.nesys.jp,DNS:proxy.nesys.jp,DNS:nesys.taito.co.jp,DNS:fjm170920zero.nesica.net" -days 3650

# Generate Nesys cert
openssl x509 -req -sha256 -days 3650 -in pki/nesys.csr -CA pki/ca.cer -CAkey pki/ca.key -out pki/nesys.cer -set_serial 0

# Generate client CSR and key
openssl req -newkey rsa:2048 -nodes -keyout pki/PREMIUM.key -out pki/PREMIUM.csr -subj "/C=JP/ST=A/L=A/CN=PREMIUM" 
#-addext "subjectAltName = DNS:cert.nesys.jp,DNS:cert3.nesys.jp,DNS:data.nesys.jp,DNS:proxy.nesys.jp,DNS:nesys.taito.co.jp,DNS:fjm170920zero.nesica.net"

# Generate client cert
openssl x509 -req -sha256 -days 3650 -in pki/PREMIUM.csr -CA pki/nesys.cer -CAkey pki/nesys.key -out pki/PREMIUM.cer -set_serial 0

# Generate server cert and key
openssl req -newkey rsa:2048 -nodes -keyout pki/server.key -out pki/server.csr -subj "/C=JP/ST=A/L=A/CN=*.nesys.jp"
openssl x509 -req -sha256 -days 3650 -in pki/server.csr -CA pki/nesys.cer -CAkey pki/nesys.key -out pki/server.cer -set_serial 0